diff --git a/docker-compose.yaml b/docker-compose.yaml
index 4a980f2..f453449 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -156,8 +156,8 @@ services:
MINIO_SECURE: "false"
# Number of uvicorn worker processes (each is its own process bound to a
- # distinct port starting at 8000). nginx load-balances across them with
- # least_conn — see setup_remote.sh.
+ # distinct port starting at 8000). dograh-init renders nginx upstreams
+ # from this value and nginx load-balances across them with least_conn.
FASTAPI_WORKERS: "${FASTAPI_WORKERS:-1}"
# Langfuse — credentials can be set here or per-organization via the UI
diff --git a/docs/deployment/custom-domain.mdx b/docs/deployment/custom-domain.mdx
index 12e576f..7cc050c 100644
--- a/docs/deployment/custom-domain.mdx
+++ b/docs/deployment/custom-domain.mdx
@@ -76,7 +76,7 @@ It will automatically:
- Install Certbot
- Generate Let's Encrypt SSL certificates
- Update the canonical public host/base URL settings in `.env`
-- Re-render `nginx.conf` and `turnserver.conf` from the shared templates
+- Validate the runtime config that `dograh-init` will render from `.env`
- Configure automatic certificate renewal
- Restart Dograh services through the validated startup wrapper
@@ -163,7 +163,7 @@ PUBLIC_BASE_URL=https://voice.yourcompany.com
### Start Dograh Services
-Start Dograh through the validated startup wrapper so the generated nginx and coturn configs are refreshed before Docker starts:
+Start Dograh through the validated startup wrapper so `dograh-init` regenerates nginx and coturn runtime config before Docker starts:
```bash
cd dograh
@@ -231,7 +231,7 @@ If Certbot fails to generate certificates:
If you see SSL errors after setup:
1. Verify the certificates were copied correctly: `ls -la dograh/certs/`
-2. Run `./remote_up.sh --preflight-only` in `dograh/` to verify the regenerated remote config matches `.env`
+2. Run `./remote_up.sh --preflight-only` in `dograh/` to verify the `dograh-init` runtime render matches `.env`
3. Restart the nginx container: `sudo docker compose --profile remote restart nginx`
### WebRTC Connection Issues
diff --git a/docs/deployment/docker.mdx b/docs/deployment/docker.mdx
index 9c7baa9..6f3d1de 100644
--- a/docs/deployment/docker.mdx
+++ b/docs/deployment/docker.mdx
@@ -66,7 +66,7 @@ The script will prompt you for:
- The host browsers should use to reach TURN (press Enter for `127.0.0.1`; use your LAN IP if testing from another device on the same network)
- A shared secret for the TURN server (press Enter to generate a random one)
-It creates `docker-compose.yaml`, `turnserver.conf`, and a `.env` file with TURN credentials. Start the stack with the `local-turn` profile so coturn comes up alongside the other services:
+It creates `docker-compose.yaml`, a `.env` file with TURN credentials, and the small helper bundle that `dograh-init` uses to render coturn config at startup. Start the stack with the `local-turn` profile so coturn comes up alongside the other services:
```bash
docker compose --profile local-turn up --pull always
@@ -121,7 +121,7 @@ It will automatically:
- Download the validated remote deployment helper bundle
- Generate SSL certificates
- Create an environment file with TURN server configuration
-- Render `nginx.conf` and `turnserver.conf` from shared templates
+- Validate the runtime config that `dograh-init` will render from `.env`
- Write a `docker-compose.override.yaml` with build directives (build mode only)
### Start the Application
@@ -175,12 +175,14 @@ The setup script creates the following files in the `dograh/` directory:
|------|---------|
| `docker-compose.yaml` | Main Docker Compose configuration |
| `docker-compose.override.yaml` | Build directives for `api` and `ui` (**build mode only**) |
-| `turnserver.conf` | Configuration for TURN server |
-| `nginx.conf` | nginx reverse proxy configuration with your IP |
+| `remote_up.sh` | Validated startup wrapper for the remote stack |
+| `scripts/run_dograh_init.sh` | One-shot init renderer/validator used by Docker Compose |
+| `scripts/lib/remote_common.sh` | Shared deployment helper library |
+| `deploy/templates/` | nginx and coturn runtime config templates |
| `generate_certificate.sh` | Script to regenerate SSL certificates |
| `certs/local.crt` | Self-signed SSL certificate |
| `certs/local.key` | SSL private key |
-| `.env` | Environment variables (TURN secret, JWT secret, FastAPI worker count) |
+| `.env` | Single source of truth for deployment settings (TURN secret, JWT secret, FastAPI worker count, public host/base URL) |
### Building from source
diff --git a/docs/deployment/scaling.mdx b/docs/deployment/scaling.mdx
index 45396b4..b3910ed 100644
--- a/docs/deployment/scaling.mdx
+++ b/docs/deployment/scaling.mdx
@@ -8,7 +8,7 @@ By default, the Dograh API container runs a single uvicorn worker. For productio
This page covers how the multi-worker setup works, how to choose a worker count at install time, and how to change it on a running stack.
-Multi-worker support requires **Dograh v1.29.0 or newer**. Earlier releases used `uvicorn --workers` and ship a different `setup_remote.sh` / `start_services_docker.sh` / `nginx.conf` layout — the steps below will not work on them. If your stack is older, [update first](/deployment/update) and then come back to this page.
+Multi-worker support requires **Dograh v1.29.0 or newer**. Earlier releases used `uvicorn --workers` and a different remote deployment layout. If your stack is older, [update first](/deployment/update) and then come back to this page.
## How it works
@@ -58,11 +58,11 @@ Press Enter for the default (`4`) or enter a different positive integer. Non-int
SERVER_IP=... TURN_SECRET=... FASTAPI_WORKERS=8 ./setup_remote.sh
```
-The script stores the value in **`.env`** (`FASTAPI_WORKERS=N`). The supported startup path (`./remote_up.sh`) re-renders `nginx.conf` from that value before every remote start, so nginx and the API worker count stay aligned.
+The script stores the value in **`.env`** (`FASTAPI_WORKERS=N`). The supported startup path (`./remote_up.sh`) preflights the `dograh-init` render from that value before every remote start, so nginx and the API worker count stay aligned.
## Changing the worker count on a running stack
-Once Dograh is running, increasing or decreasing the worker count is a one-file edit plus a restart. Change `.env`, then start through `./remote_up.sh` so the generated `nginx.conf` is refreshed before Docker starts the stack.
+Once Dograh is running, increasing or decreasing the worker count is a one-file edit plus a restart. Change `.env`, then start through `./remote_up.sh` so `dograh-init` regenerates nginx runtime config before Docker starts the stack.
### Steps
@@ -90,7 +90,7 @@ If you want to avoid downtime and your stack is healthy, you can recreate only t
./remote_up.sh -- api nginx
```
-`remote_up.sh` re-renders `nginx.conf`, validates that it matches `.env`, runs `docker compose config -q`, and then starts the requested services.
+`remote_up.sh` validates `.env`, runs the same `dograh-init` render that Compose will use at startup, runs `docker compose config -q`, and then starts the requested services.
**3. Verify.** Confirm the right number of uvicorn processes are running. The API image is slim and doesn't include `ps`, so use Docker's host-side view instead:
diff --git a/docs/deployment/update.mdx b/docs/deployment/update.mdx
index 4d601f7..6ddc0c4 100644
--- a/docs/deployment/update.mdx
+++ b/docs/deployment/update.mdx
@@ -38,7 +38,7 @@ Always update **`dograh-api`** and **`dograh-ui`** to the **same tag**. The two
- Asks for a target version (defaults to the latest release tag on GitHub).
- Pulls `docker-compose.yaml` at that version and pins both `api` and `ui` images to it.
- Refreshes the remote helper bundle (`remote_up.sh` plus shared templates/helpers).
-- Synchronizes the canonical remote keys in `.env` and re-renders `nginx.conf` and `turnserver.conf` from the shared templates.
+- Synchronizes the canonical remote keys in `.env` and validates the runtime config that `dograh-init` will render from it.
- Backs up every file it changes with a `.bak.` suffix.
From your install directory:
@@ -62,7 +62,7 @@ After the script finishes, apply the update through the validated startup wrappe
```
-The script overwrites `docker-compose.yaml`, `remote_up.sh`, `nginx.conf`, and `turnserver.conf` from the shared upstream deployment bundle. If you've made local edits to any of these, check the `.bak.` files after the update and re-apply your edits.
+The script overwrites `docker-compose.yaml` and the remote helper bundle (`remote_up.sh`, `scripts/run_dograh_init.sh`, `scripts/lib/remote_common.sh`, and `deploy/templates/*`) from the shared upstream deployment bundle. If you've made local edits to any of these, check the `.bak.` files after the update and re-apply your edits.
## Local deployment
@@ -99,11 +99,10 @@ curl http://localhost:8000/api/v1/health # local
```bash
cd dograh
-for f in docker-compose.yaml nginx.conf turnserver.conf .env; do
+for f in docker-compose.yaml nginx.conf turnserver.conf .env remote_up.sh scripts/run_dograh_init.sh scripts/lib/remote_common.sh deploy/templates/nginx.remote.conf.template deploy/templates/turnserver.remote.conf.template; do
[[ -f "$f.bak." ]] && cp "$f.bak." "$f"
done
-sudo docker compose --profile remote down
-sudo docker compose --profile remote up -d
+./remote_up.sh
```
Your Postgres data volume persists across `down`/`up` cycles, so agents and call history are preserved.
@@ -137,6 +136,6 @@ sudo docker compose --profile remote up -d
If you update the `pipecat` submodule, you **must** run `git submodule update --init --recursive` before rebuilding, or the Docker build will not pick up `pipecat` changes.
-If you maintain a fork with local customizations on top of upstream, merging conflicts in `docker-compose.yaml`, `nginx.conf`, `turnserver.conf`, or `setup_remote.sh` is up to you — resolve them as you would any other git merge. Leave `OSS_JWT_SECRET` and `TURN_SECRET` in `.env` unchanged across updates to preserve sessions and WebRTC auth.
+If you maintain a fork with local customizations on top of upstream, merging conflicts in `docker-compose.yaml`, `remote_up.sh`, `scripts/run_dograh_init.sh`, `deploy/templates/*`, or `setup_remote.sh` is up to you — resolve them as you would any other git merge. Leave `OSS_JWT_SECRET` and `TURN_SECRET` in `.env` unchanged across updates to preserve sessions and WebRTC auth.
The same migration warning above applies: rolling back across a schema change can leave the DB in a state the older API can't read.
diff --git a/remote_up.sh b/remote_up.sh
index 9a97908..90bb027 100755
--- a/remote_up.sh
+++ b/remote_up.sh
@@ -53,7 +53,7 @@ cd "$SCRIPT_DIR"
dograh_info "Running Dograh remote preflight..."
dograh_prepare_remote_install "$SCRIPT_DIR"
docker compose config -q
-dograh_success "✓ Remote config validated"
+dograh_success "✓ dograh-init preflight validated"
if [[ "$VALIDATE_ONLY" == "1" ]]; then
exit 0
diff --git a/scripts/lib/remote_common.sh b/scripts/lib/remote_common.sh
index a1345c8..aa48063 100644
--- a/scripts/lib/remote_common.sh
+++ b/scripts/lib/remote_common.sh
@@ -56,6 +56,25 @@ dograh_template_path() {
dograh_fail "Template '$template_name' not found"
}
+dograh_init_script_path() {
+ local candidate=""
+ local project_dir
+
+ project_dir="$(dograh_project_dir)"
+
+ for candidate in \
+ "$project_dir/scripts/run_dograh_init.sh" \
+ "$DOGRAH_REMOTE_REPO_ROOT/scripts/run_dograh_init.sh"
+ do
+ if [[ -f "$candidate" ]]; then
+ printf '%s\n' "$candidate"
+ return 0
+ fi
+ done
+
+ dograh_fail "run_dograh_init.sh not found"
+}
+
dograh_load_env_file() {
local env_file=${1:-.env}
@@ -233,6 +252,24 @@ dograh_validate_remote_runtime_env() {
[[ "${TURN_HOST}" == "${PUBLIC_HOST}" ]] || dograh_fail "TURN_HOST must match PUBLIC_HOST"
}
+dograh_uses_init_compose_layout() {
+ local project_dir=${1:-$(dograh_project_dir)}
+ local compose_file="$project_dir/docker-compose.yaml"
+
+ [[ -f "$compose_file" ]] || return 1
+ grep -q "dograh-init:" "$compose_file" \
+ && grep -q "nginx-generated:/etc/nginx/conf.d:ro" "$compose_file" \
+ && grep -q "coturn-generated:/etc/coturn:ro" "$compose_file"
+}
+
+dograh_require_init_compose_layout() {
+ local project_dir=${1:-$(dograh_project_dir)}
+
+ if ! dograh_uses_init_compose_layout "$project_dir"; then
+ dograh_fail "This install uses the legacy remote compose layout. Run ./update_remote.sh first so Docker uses dograh-init generated config."
+ fi
+}
+
dograh_render_remote_nginx_conf() {
local project_dir=${1:-$(dograh_project_dir)}
local destination=${2:-"$project_dir/nginx.conf"}
@@ -295,41 +332,40 @@ dograh_render_remote_turn_conf() {
' "$template" > "$destination"
}
-dograh_render_remote_configs() {
- local project_dir=${1:-$(dograh_project_dir)}
-
- dograh_render_remote_nginx_conf "$project_dir"
- dograh_render_remote_turn_conf "$project_dir"
-}
-
-dograh_validate_remote_install() {
+dograh_preflight_remote_init_render() {
local project_dir=${1:-$(dograh_project_dir)}
local env_file="$project_dir/.env"
- local nginx_conf="$project_dir/nginx.conf"
- local turn_conf="$project_dir/turnserver.conf"
local cert_dir="$project_dir/certs"
+ local init_script=""
+ local tmp_root=""
+ local nginx_conf=""
+ local turn_conf=""
local nginx_workers=0
local rendered_secret=""
local rendered_ip=""
local rendered_server_name=""
dograh_load_env_file "$env_file"
-
- [[ -n "${TURN_SECRET:-}" ]] || dograh_fail "TURN_SECRET is missing from .env"
- [[ "${FASTAPI_WORKERS:-}" =~ ^[1-9][0-9]*$ ]] || dograh_fail "FASTAPI_WORKERS must be a positive integer"
- [[ -n "${PUBLIC_HOST:-}" ]] || dograh_fail "PUBLIC_HOST is missing from .env"
- [[ -n "${PUBLIC_BASE_URL:-}" ]] || dograh_fail "PUBLIC_BASE_URL is missing from .env"
- dograh_is_ipv4 "${SERVER_IP:-}" || dograh_fail "SERVER_IP must be a valid IPv4 address"
-
- [[ "${BACKEND_API_ENDPOINT:-}" == "$PUBLIC_BASE_URL" ]] || dograh_fail "BACKEND_API_ENDPOINT must match PUBLIC_BASE_URL"
- [[ "${MINIO_PUBLIC_ENDPOINT:-}" == "$PUBLIC_BASE_URL" ]] || dograh_fail "MINIO_PUBLIC_ENDPOINT must match PUBLIC_BASE_URL"
- [[ "${TURN_HOST:-}" == "$PUBLIC_HOST" ]] || dograh_fail "TURN_HOST must match PUBLIC_HOST"
-
- [[ -f "$nginx_conf" ]] || dograh_fail "nginx.conf not found"
- [[ -f "$turn_conf" ]] || dograh_fail "turnserver.conf not found"
+ dograh_validate_remote_runtime_env
[[ -f "$cert_dir/local.crt" ]] || dograh_fail "certs/local.crt not found"
[[ -f "$cert_dir/local.key" ]] || dograh_fail "certs/local.key not found"
+ init_script="$(dograh_init_script_path)"
+ tmp_root="$(mktemp -d)"
+ nginx_conf="$tmp_root/nginx/default.conf"
+ turn_conf="$tmp_root/coturn/turnserver.conf"
+
+ (
+ export ENVIRONMENT SERVER_IP PUBLIC_HOST PUBLIC_BASE_URL BACKEND_API_ENDPOINT MINIO_PUBLIC_ENDPOINT TURN_HOST TURN_SECRET FASTAPI_WORKERS
+ export DOGRAH_INIT_WORKSPACE_DIR="$project_dir"
+ export DOGRAH_INIT_OUTPUT_ROOT="$tmp_root"
+ export DOGRAH_INIT_CERTS_DIR="$cert_dir"
+ bash "$init_script" >/dev/null
+ )
+
+ [[ -f "$nginx_conf" ]] || dograh_fail "dograh-init did not render nginx config"
+ [[ -f "$turn_conf" ]] || dograh_fail "dograh-init did not render coturn config"
+
nginx_workers=$(awk '/^[[:space:]]*server api:[0-9]+/ { count += 1 } END { print count + 0 }' "$nginx_conf")
[[ "$nginx_workers" -eq "$FASTAPI_WORKERS" ]] || dograh_fail "FASTAPI_WORKERS=$FASTAPI_WORKERS but nginx.conf has $nginx_workers upstream servers"
@@ -341,6 +377,8 @@ dograh_validate_remote_install() {
rendered_ip="$(sed -n 's/^external-ip=//p' "$turn_conf" | head -1)"
[[ "$rendered_ip" == "$SERVER_IP" ]] || dograh_fail "SERVER_IP in .env does not match turnserver.conf"
+
+ rm -rf "$tmp_root"
}
dograh_prepare_remote_install() {
@@ -348,36 +386,42 @@ dograh_prepare_remote_install() {
local env_file="$project_dir/.env"
dograh_sync_remote_env_file "$env_file"
- dograh_load_env_file "$env_file"
- dograh_render_remote_configs "$project_dir"
- dograh_validate_remote_install "$project_dir"
+ dograh_require_init_compose_layout "$project_dir"
+ dograh_preflight_remote_init_render "$project_dir"
+}
+
+dograh_download_bundle_file_for_ref() {
+ local destination=$1
+ local remote_path=$2
+ local ref=${3:-main}
+ local raw_base="https://raw.githubusercontent.com/dograh-hq/dograh/$ref"
+ local fallback_base="https://raw.githubusercontent.com/dograh-hq/dograh/main"
+
+ if ! curl -fsSL -o "$destination" "$raw_base/$remote_path"; then
+ dograh_warn "Warning: '$remote_path' not found at '$ref' - falling back to main"
+ curl -fsSL -o "$destination" "$fallback_base/$remote_path"
+ fi
+}
+
+dograh_download_init_support_bundle() {
+ local project_dir=$1
+ local ref=${2:-main}
+
+ mkdir -p "$project_dir/scripts/lib" "$project_dir/deploy/templates"
+
+ mkdir -p "$project_dir/scripts"
+ dograh_download_bundle_file_for_ref "$project_dir/scripts/lib/remote_common.sh" "scripts/lib/remote_common.sh" "$ref"
+ dograh_download_bundle_file_for_ref "$project_dir/scripts/run_dograh_init.sh" "scripts/run_dograh_init.sh" "$ref"
+ chmod +x "$project_dir/scripts/run_dograh_init.sh"
+ dograh_download_bundle_file_for_ref "$project_dir/deploy/templates/nginx.remote.conf.template" "deploy/templates/nginx.remote.conf.template" "$ref"
+ dograh_download_bundle_file_for_ref "$project_dir/deploy/templates/turnserver.remote.conf.template" "deploy/templates/turnserver.remote.conf.template" "$ref"
}
dograh_download_remote_support_bundle() {
local project_dir=$1
local ref=${2:-main}
- local raw_base="https://raw.githubusercontent.com/dograh-hq/dograh/$ref"
- local fallback_base="https://raw.githubusercontent.com/dograh-hq/dograh/main"
- dograh_download_bundle_file() {
- local destination=$1
- local remote_path=$2
-
- if ! curl -fsSL -o "$destination" "$raw_base/$remote_path"; then
- dograh_warn "Warning: '$remote_path' not found at '$ref' - falling back to main"
- curl -fsSL -o "$destination" "$fallback_base/$remote_path"
- fi
- }
-
- mkdir -p "$project_dir/scripts/lib" "$project_dir/deploy/templates"
-
- dograh_download_bundle_file "$project_dir/remote_up.sh" "remote_up.sh"
+ dograh_download_bundle_file_for_ref "$project_dir/remote_up.sh" "remote_up.sh" "$ref"
chmod +x "$project_dir/remote_up.sh"
-
- mkdir -p "$project_dir/scripts"
- dograh_download_bundle_file "$project_dir/scripts/lib/remote_common.sh" "scripts/lib/remote_common.sh"
- dograh_download_bundle_file "$project_dir/scripts/run_dograh_init.sh" "scripts/run_dograh_init.sh"
- chmod +x "$project_dir/scripts/run_dograh_init.sh"
- dograh_download_bundle_file "$project_dir/deploy/templates/nginx.remote.conf.template" "deploy/templates/nginx.remote.conf.template"
- dograh_download_bundle_file "$project_dir/deploy/templates/turnserver.remote.conf.template" "deploy/templates/turnserver.remote.conf.template"
+ dograh_download_init_support_bundle "$project_dir" "$ref"
}
diff --git a/scripts/setup_custom_domain.sh b/scripts/setup_custom_domain.sh
index 045e34a..2d3ddab 100755
--- a/scripts/setup_custom_domain.sh
+++ b/scripts/setup_custom_domain.sh
@@ -105,6 +105,8 @@ if [[ ! -f remote_up.sh || ! -f scripts/lib/remote_common.sh ]]; then
dograh_download_remote_support_bundle "$(pwd)" "main"
fi
+dograh_require_init_compose_layout "$(pwd)"
+
if docker compose --profile remote ps --quiet 2>/dev/null | grep -q .; then
docker compose --profile remote down
echo -e "${GREEN}✓ Dograh services stopped${NC}"
@@ -172,7 +174,7 @@ chmod 644 certs/local.crt certs/local.key
echo -e "${GREEN}✓${NC} Certificates copied to certs/ directory"
echo ""
-echo -e "${BLUE}[5/7] Updating canonical remote settings and regenerating config...${NC}"
+echo -e "${BLUE}[5/7] Updating canonical remote settings and validating init-based config...${NC}"
dograh_load_env_file .env
if [[ -z "${SERVER_IP:-}" ]]; then
@@ -186,7 +188,7 @@ dograh_set_env_key .env PUBLIC_HOST "$DOMAIN_NAME"
dograh_set_env_key .env PUBLIC_BASE_URL "https://$DOMAIN_NAME"
dograh_delete_env_key .env BACKEND_URL
dograh_prepare_remote_install "$(pwd)"
-echo -e "${GREEN}✓ .env synchronized and remote config regenerated${NC}"
+echo -e "${GREEN}✓ .env synchronized and init-based config validated${NC}"
echo -e "${BLUE}[6/7] Setting up automatic certificate renewal...${NC}"
DOGRAH_PATH="$(pwd)"
@@ -228,8 +230,6 @@ echo -e " Auto-renewal: Enabled (certificates renew automatically)"
echo ""
echo -e "${YELLOW}Files modified:${NC}"
echo " - dograh/.env (canonical public host/base URL updated)"
-echo " - dograh/nginx.conf (re-rendered from shared template)"
-echo " - dograh/turnserver.conf (re-rendered from shared template)"
echo " - dograh/certs/local.crt (SSL certificate)"
echo " - dograh/certs/local.key (SSL private key)"
echo " - /etc/letsencrypt/renewal-hooks/deploy/dograh-reload.sh (renewal hook)"
diff --git a/scripts/setup_local.sh b/scripts/setup_local.sh
index 86a0b71..6ed3ec4 100755
--- a/scripts/setup_local.sh
+++ b/scripts/setup_local.sh
@@ -8,6 +8,26 @@ YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+LIB_PATH="$SCRIPT_DIR/lib/remote_common.sh"
+BOOTSTRAP_LIB=""
+
+if [[ ! -f "$LIB_PATH" ]]; then
+ BOOTSTRAP_LIB="$(mktemp)"
+ curl -fsSL -o "$BOOTSTRAP_LIB" "https://raw.githubusercontent.com/dograh-hq/dograh/main/scripts/lib/remote_common.sh"
+ LIB_PATH="$BOOTSTRAP_LIB"
+fi
+
+cleanup() {
+ if [[ -n "$BOOTSTRAP_LIB" ]]; then
+ rm -f "$BOOTSTRAP_LIB"
+ fi
+}
+trap cleanup EXIT
+
+# shellcheck disable=SC1090
+. "$LIB_PATH"
+
echo -e "${BLUE}"
echo "╔══════════════════════════════════════════════════════════════╗"
echo "║ Dograh Local Setup ║"
@@ -99,52 +119,26 @@ echo ""
# Download compose file (skip when DOGRAH_SKIP_DOWNLOAD=1 — e.g. local repo testing).
TOTAL_STEPS=2
-if [[ "$ENABLE_COTURN" == "true" ]]; then
- TOTAL_STEPS=3
-fi
if [[ "$DOGRAH_SKIP_DOWNLOAD" != "1" ]]; then
- echo -e "${BLUE}[1/$TOTAL_STEPS] Downloading docker-compose.yaml...${NC}"
+ if [[ "$ENABLE_COTURN" == "true" ]]; then
+ echo -e "${BLUE}[1/$TOTAL_STEPS] Downloading docker-compose.yaml and TURN helper bundle...${NC}"
+ else
+ echo -e "${BLUE}[1/$TOTAL_STEPS] Downloading docker-compose.yaml...${NC}"
+ fi
curl -sS -o docker-compose.yaml https://raw.githubusercontent.com/dograh-hq/dograh/main/docker-compose.yaml
- echo -e "${GREEN}✓ docker-compose.yaml downloaded${NC}"
+ if [[ "$ENABLE_COTURN" == "true" ]]; then
+ dograh_download_init_support_bundle "$(pwd)" "main"
+ fi
+ echo -e "${GREEN}✓ Deployment files downloaded${NC}"
else
echo -e "${BLUE}[1/$TOTAL_STEPS] Using docker-compose.yaml in current directory${NC}"
fi
-# Generate turnserver.conf if coturn is enabled
if [[ "$ENABLE_COTURN" == "true" ]]; then
- echo -e "${BLUE}[2/$TOTAL_STEPS] Creating TURN server configuration...${NC}"
- cat > turnserver.conf << TURN_EOF
-# Coturn TURN Server - Docker Configuration (local)
-# Auto-generated by setup_local.sh
-
-# Listener ports
-listening-port=3478
-tls-listening-port=5349
-
-# Relay port range
-min-port=49152
-max-port=49200
-
-# Network - external IP for NAT traversal
-external-ip=$TURN_HOST
-
-# Realm
-realm=dograh.com
-
-# Authentication (TURN REST API with time-limited credentials)
-use-auth-secret
-static-auth-secret=$TURN_SECRET
-
-# Security
-fingerprint
-no-cli
-no-multicast-peers
-
-# Logging
-log-file=stdout
-TURN_EOF
- echo -e "${GREEN}✓ turnserver.conf created${NC}"
+ [[ -f scripts/run_dograh_init.sh ]] || dograh_fail "scripts/run_dograh_init.sh not found. Re-run setup_local.sh without DOGRAH_SKIP_DOWNLOAD=1, or use a full repo checkout."
+ [[ -f scripts/lib/remote_common.sh ]] || dograh_fail "scripts/lib/remote_common.sh not found. Re-run setup_local.sh without DOGRAH_SKIP_DOWNLOAD=1, or use a full repo checkout."
+ [[ -f deploy/templates/turnserver.remote.conf.template ]] || dograh_fail "deploy/templates/turnserver.remote.conf.template not found. Re-run setup_local.sh without DOGRAH_SKIP_DOWNLOAD=1, or use a full repo checkout."
fi
# Generate .env
@@ -182,7 +176,9 @@ echo -e "Files created in ${BLUE}$(pwd)${NC}:"
echo " - docker-compose.yaml"
echo " - .env"
if [[ "$ENABLE_COTURN" == "true" ]]; then
- echo " - turnserver.conf"
+ echo " - scripts/run_dograh_init.sh"
+ echo " - scripts/lib/remote_common.sh"
+ echo " - deploy/templates/"
fi
echo ""
if [[ "$ENABLE_COTURN" == "true" ]]; then
diff --git a/scripts/setup_remote.sh b/scripts/setup_remote.sh
index 576e459..b1474a9 100755
--- a/scripts/setup_remote.sh
+++ b/scripts/setup_remote.sh
@@ -162,7 +162,7 @@ if [[ "${DOGRAH_FORCE_OVERWRITE:-}" != "1" && "${DOGRAH_SKIP_DOWNLOAD:-}" != "1"
echo -e "${RED}Refusing to continue - re-running setup would:${NC}"
echo -e "${RED} - overwrite .env (invalidates sessions, breaks TURN auth)${NC}"
echo -e "${RED} - regenerate SSL certificates${NC}"
- echo -e "${RED} - replace generated nginx.conf and turnserver.conf${NC}"
+ echo -e "${RED} - replace the validated remote deployment bundle${NC}"
echo ""
echo -e "${BLUE}To upgrade an existing install, follow:${NC}"
echo -e " ${BLUE}https://docs.dograh.com/deployment/update${NC}"
@@ -279,9 +279,9 @@ FASTAPI_WORKERS=$FASTAPI_WORKERS
ENV_EOF
echo -e "${GREEN}✓ .env file created${NC}"
-echo -e "${BLUE}[5/$TOTAL] Rendering and validating remote config...${NC}"
+echo -e "${BLUE}[5/$TOTAL] Validating remote init configuration...${NC}"
dograh_prepare_remote_install "$(pwd)"
-echo -e "${GREEN}✓ Remote config rendered and validated${NC}"
+echo -e "${GREEN}✓ Remote init configuration validated${NC}"
if [[ "$DEPLOY_MODE" == "build" ]]; then
echo -e "${BLUE}[6/$TOTAL] Creating docker-compose.override.yaml...${NC}"
@@ -319,8 +319,8 @@ if [[ "$DEPLOY_MODE" == "build" ]]; then
echo " - docker-compose.override.yaml (build directives)"
fi
echo " - remote_up.sh"
-echo " - nginx.conf"
-echo " - turnserver.conf"
+echo " - scripts/run_dograh_init.sh"
+echo " - deploy/templates/"
echo " - generate_certificate.sh"
echo " - certs/local.crt"
echo " - certs/local.key"
diff --git a/scripts/update_remote.sh b/scripts/update_remote.sh
index 3efa5ae..6d9451a 100755
--- a/scripts/update_remote.sh
+++ b/scripts/update_remote.sh
@@ -34,7 +34,7 @@ TIMESTAMP=$(date +%Y%m%d-%H%M%S)
echo -e "${BLUE}"
echo "╔══════════════════════════════════════════════════════════════╗"
echo "║ Dograh Remote Update ║"
-echo "║ Refresh deployment files and re-render remote config ║"
+echo "║ Refresh deployment files and validate runtime config ║"
echo "╚══════════════════════════════════════════════════════════════╝"
echo -e "${NC}"
@@ -169,9 +169,11 @@ echo ""
echo -e "${YELLOW}Files that will be replaced (backups saved with suffix .bak.$TIMESTAMP):${NC}"
echo " - docker-compose.yaml (pulled from GitHub at $TARGET_VERSION)"
echo " - remote_up.sh (startup wrapper / preflight)"
-echo " - nginx.conf (re-rendered from shared templates)"
-echo " - turnserver.conf (re-rendered from shared templates)"
+echo " - scripts/run_dograh_init.sh"
+echo " - scripts/lib/remote_common.sh"
+echo " - deploy/templates/*.template"
echo " - .env (canonical remote keys synchronized)"
+echo " - legacy nginx.conf / turnserver.conf backups will be kept if those files still exist"
echo ""
if [[ -t 0 && "${DOGRAH_UPDATE_YES:-}" != "1" ]]; then
@@ -184,8 +186,19 @@ fi
echo ""
echo -e "${BLUE}[1/3] Backing up existing files...${NC}"
-for f in docker-compose.yaml nginx.conf turnserver.conf .env remote_up.sh; do
+for f in \
+ docker-compose.yaml \
+ nginx.conf \
+ turnserver.conf \
+ .env \
+ remote_up.sh \
+ scripts/run_dograh_init.sh \
+ scripts/lib/remote_common.sh \
+ deploy/templates/nginx.remote.conf.template \
+ deploy/templates/turnserver.remote.conf.template
+do
if [[ -f "$f" ]]; then
+ mkdir -p "$(dirname "$f")"
cp -p "$f" "$f.bak.$TIMESTAMP"
echo -e " ${GREEN}✓ $f → $f.bak.$TIMESTAMP${NC}"
fi
@@ -194,6 +207,7 @@ done
echo -e "${BLUE}[2/3] Downloading deployment bundle at $TARGET_VERSION...${NC}"
curl -fsSL -o docker-compose.yaml "$RAW_BASE/docker-compose.yaml"
dograh_download_remote_support_bundle "$(pwd)" "$TARGET_VERSION"
+rm -f nginx.conf turnserver.conf
if [[ -n "$IMAGE_TAG" ]]; then
sed -i.tmp -E "s#(dograh-(api|ui)):latest#\1:$IMAGE_TAG#g" docker-compose.yaml
@@ -203,11 +217,11 @@ else
dograh_success "✓ docker-compose.yaml updated (image tags left at :latest)"
fi
-echo -e "${BLUE}[3/3] Synchronizing environment and regenerating remote config...${NC}"
+echo -e "${BLUE}[3/3] Synchronizing environment and validating init-based remote config...${NC}"
dograh_set_env_key .env FASTAPI_WORKERS "$FASTAPI_WORKERS"
dograh_prepare_remote_install "$(pwd)"
docker compose config -q
-dograh_success "✓ Remote config rendered and validated"
+dograh_success "✓ Remote init configuration validated"
echo ""
echo -e "${GREEN}╔══════════════════════════════════════════════════════════════╗${NC}"
@@ -222,7 +236,7 @@ echo -e " ${BLUE}./remote_up.sh${NC}"
echo ""
echo -e "${YELLOW}To roll back, restore the backups and re-run the wrapper:${NC}"
echo ""
-echo -e " ${BLUE}for f in docker-compose.yaml nginx.conf turnserver.conf .env remote_up.sh; do${NC}"
+echo -e " ${BLUE}for f in docker-compose.yaml nginx.conf turnserver.conf .env remote_up.sh scripts/run_dograh_init.sh scripts/lib/remote_common.sh deploy/templates/nginx.remote.conf.template deploy/templates/turnserver.remote.conf.template; do${NC}"
echo -e " ${BLUE} [[ -f \"\$f.bak.$TIMESTAMP\" ]] && cp \"\$f.bak.$TIMESTAMP\" \"\$f\"${NC}"
echo -e " ${BLUE}done${NC}"
echo -e " ${BLUE}./remote_up.sh${NC}"